If you use a SQL database to record actions and log errors, validate the length of every input before inserting it. If hackers can pass in a string that is too long, the insert can fail with an error, and their actions can then bypass the logging functions that write to the database.
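The failure mode and one way to close it, as an added example that is not code from the original page. The table name, column limits, and function names are assumptions, and SQLite `CHECK` constraints stand in for a server that rejects over-length values. The validated logger truncates and flags the record, which is one design choice among several.

```python
import sqlite3

MAX_USER, MAX_DETAIL = 32, 64  # assumed column limits for this example


def make_db():
    # CHECK constraints emulate a database that rejects over-length values.
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE audit_log ("
        f" username TEXT NOT NULL CHECK (length(username) <= {MAX_USER}),"
        f" detail TEXT NOT NULL CHECK (length(detail) <= {MAX_DETAIL}),"
        " truncated INTEGER NOT NULL DEFAULT 0)"
    )
    return db


def log_unvalidated(db, username, detail):
    """Weak form: an over-length value makes the insert fail and the event is lost."""
    try:
        db.execute("INSERT INTO audit_log (username, detail) VALUES (?, ?)",
                   (username, detail))
        return True
    except sqlite3.IntegrityError:
        return False  # error swallowed: the action goes ahead with no audit row


def fit(value, limit):
    """Clamp a value to its column limit and report whether anything was cut."""
    value = str(value)
    return value[:limit], len(value) > limit


def log_validated(db, username, detail):
    """Hardened form: lengths are checked first, so the insert cannot fail on size."""
    user, cut_user = fit(username, MAX_USER)
    text, cut_detail = fit(detail, MAX_DETAIL)
    db.execute(
        "INSERT INTO audit_log (username, detail, truncated) VALUES (?, ?, ?)",
        (user, text, int(cut_user or cut_detail)),
    )
    return True


def count_rows(db):
    return db.execute("SELECT COUNT(*) FROM audit_log").fetchone()[0]
```

The `truncated` flag keeps the over-length attempt visible to whoever reviews the log, since the oversized input is itself worth noticing.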